SymExPorter
This is an upgraded fork of syms2elf with new features. The plugin exports symbols recognized by IDA, radare2, rizin and cutter to the ELF symbol table. This lets us use the function-recognition capabilities of IDA/r2/rizin/cutter (analysis, FLIRT signatures, manual creation, renaming, etc.) without being limited to the exclusive use of these tools.
Supports both 32-bit and 64-bit file formats.
What's new?
- Added support for exporting global variable names, static variable names and constant names (the original syms2elf plugin supported exporting only function names).
- The plugin, with its new features, was ported to rizin and cutter.
INSTALLATION
- IDA: Copy SymExPorter.py to IDA's plugins folder. The plugin will appear in the Edit-->Plugins menu.
- radare2: Copy SymExPorter.py to radare2's bin folder. Then, in the radare2 environment, run this command: #!pipe python ./SymExPorter.py <output_file>
- rizin: Copy SymExPorter.py to rizin's bin folder. Then, in the rizin environment, run this command: #!pipe python ./SymExPorter.py <output_file>
- cutter: Copy SymExPorter.py to Cutter's plugins/python folder. The plugin will appear in the Windows-->Plugins menu.
Requirements:
- r2pipe
- rzpipe
- PySide2
EXAMPLE
Starting from a fully stripped ELF:
$ file testelf
testelf: ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, for GNU/Linux 3.2.0, stripped
Rename some functions and global variables in IDA, r2 or rizin (cutter), then run SymExPorter and select the output file.
After that:
$ file testelf_repaired
testelf_repaired: ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, for GNU/Linux 3.2.0, not stripped
Now you can open this file with other tools and continue analyzing it.
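To confirm which names actually landed in the output file, the .symtab section can be read back directly. The script below is an added example, not part of SymExPorter: it parses a 64-bit little-endian ELF and lists each named symbol with its type and address. The sample image, the names parse_header and g_config and their addresses are constructed for illustration, and treating functions as STT_FUNC and variables as STT_OBJECT is an assumption based on the standard ELF symbol types.

```python
import struct

SHT_SYMTAB = 2
STT_NAMES = {0: "NOTYPE", 1: "OBJECT", 2: "FUNC", 3: "SECTION", 4: "FILE"}
SHDR, SYM = "<IIQQQQIIQQ", "<IBBHQQ"  # Elf64_Shdr (64 bytes), Elf64_Sym (24 bytes)

def read_symtab(data):
    """Return [(name, type, value)] from .symtab of a little-endian ELF64; [] if stripped."""
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("expected a 64-bit little-endian ELF")
    (e_shoff,) = struct.unpack_from("<Q", data, 0x28)
    e_shentsize, e_shnum = struct.unpack_from("<HH", data, 0x3A)
    secs = [struct.unpack_from(SHDR, data, e_shoff + i * e_shentsize) for i in range(e_shnum)]
    symbols = []
    for _, sh_type, _, _, off, size, link, _, _, entsize in secs:
        if sh_type != SHT_SYMTAB or entsize < 24 or link >= len(secs):
            continue  # not a usable symbol table
        strtab = data[secs[link][4]:secs[link][4] + secs[link][5]]
        for pos in range(off, off + size - entsize + 1, entsize):
            st_name, st_info, _, _, st_value, _ = struct.unpack_from(SYM, data, pos)
            name = strtab[st_name:].split(b"\0", 1)[0].decode("ascii", "replace")
            if name:  # skip the mandatory null symbol and unnamed entries
                symbols.append((name, STT_NAMES.get(st_info & 0xF, "OTHER"), st_value))
    return symbols

def build_sample(with_symtab):
    """Constructed input: a minimal ELF64 image, optionally carrying .symtab and .strtab."""
    strtab = b"\0parse_header\0g_config\0"
    symtab = (bytes(24)                                        # null symbol
              + struct.pack(SYM, 1, 0x12, 0, 1, 0x1139, 32)    # GLOBAL FUNC
              + struct.pack(SYM, 14, 0x11, 0, 1, 0x4010, 4))   # GLOBAL OBJECT
    body = symtab + strtab if with_symtab else b""
    shdrs = [bytes(64)]                                        # SHT_NULL section
    if with_symtab:
        shdrs.append(struct.pack(SHDR, 0, 2, 0, 0, 64, len(symtab), 2, 1, 8, 24))
        shdrs.append(struct.pack(SHDR, 0, 3, 0, 0, 64 + len(symtab), len(strtab), 0, 0, 1, 0))
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", 3, 62, 1, 0, 0, 64 + len(body), 0, 64, 0, 0, 64, len(shdrs), 0)
    return ehdr + body + b"".join(shdrs)

if __name__ == "__main__":
    for label, image in (("stripped", build_sample(False)), ("repaired", build_sample(True))):
        print(label, read_symtab(image) or "no .symtab entries")
```

On a real file, pass the bytes of the exported ELF to read_symtab; a truncated or malformed section table raises struct.error instead of returning partial results.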
AUTHORS
- Daniel García (@danigargu)
- Jesús Olmos (@sha0coder)
- Kirill Magaskin (@K1RPI7CH)
CONTACT
Any comment, issue or pull request will be highly appreciated!
This modification was started as a part of Digital Security's Research Centre internship "Summ3r of h4ck 2022".